View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0022064 | mantisbt | javascript | public | 2016-12-23 00:53 | 2016-12-30 15:54 |
Reporter | badfiles | Assigned To | community | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.0.0 | ||||
Target Version | 2.0.0 | Fixed in Version | 2.0.0 | ||
Summary | 0022064: datetime picker does not work if 'cdn_enabled' is ON | ||||
Description | core/http.php is missing script security header also local files have an unneccessary execute attribute. | ||||
Tags | No tags attached. | ||||
I confirm the problem. CSP does not include a script-src exception for cdnjs.cloudflare.com. I did not notice it while testing, because the MantisGraph plugin adds an exception for it [1]. badfiles submitted a PR for this at https://github.com/mantisbt/mantisbt/pull/980 [1] https://github.com/mantisbt/mantisbt/blob/release-2.0.0-rc.2/plugins/MantisGraph/MantisGraph.php#L73 |
|
MantisBT: master c1082530 2016-12-22 08:27 Committer: dregad Details Diff |
Fix datetimepicker's files handling - add js hashes - add missing security header - drop execute permissions - use specific version w/o cdn Fixes 0022064 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0022064 |
|
mod - core/constant_inc.php | Diff File | ||
mod - core/http_api.php | Diff File | ||
mod - core/layout_api.php | Diff File |